SSH Communications Security

SSH Communications Security is the market leader in developing advanced security solutions to meet today’s business, security and compliance requirements in encrypted networks.
http://www.ssh.com/blog
Sat, 11 Jul 2015 01:30:00 +0300

3rd Party & Supply Chain Access Must Be a Core Element of Enterprise Security Strategies

In today's digital world, access is everything. It is the fundamental pillar that determines whether critical enterprise assets are safe or exposed. Knowing the answers to the questions: who is accessing what?, where are they accessing information from?, why they are accessing information?, and what exactly are they accessing?; these are the basic questions which stand between a breach and brand reputation. Today, access extends well beyond the borders of the enterprise. Global supply chains are increasingly complex. This year at RSA, Josh Douglas, CTO at Raytheon, described the global supply chain as being comprised of…
https://ssh.com/blog/3rd-party-supply-chain-access-critical-4-enterprises
Sat, 11 Jul 2015 01:30:00 +0300

Secure Shell Support Coming To Windows

In early June, Microsoft announced something that surprised many; namely that they will be supporting Secure Shell (SSH) in their PowerShell tool used by many system administrators, developers and power users. The move would make not only the SSH client native on Windows, but would also make the SSH server native as well. Microsoft would also contribute code to the OpenSSH project – huge news to anyone who has followed the history of Microsoft and open source. It also underlines the change the company is going through in the hands of Satya Nadella, who took the helm little more than a year ago as only the third CEO in the…
https://ssh.com/blog/secure-shell-support-windows
Thu, 25 Jun 2015 22:30:00 +0300

Key rotation alone doesn’t solve our SSH user key problems

Breaches pertaining to SSH user keys are insidious. There are two primary reasons behind this. First, most organizations do not have comprehensive inventories of what trusts are valid for SSH user keys and do not carefully differentiate between those dedicated for interactive usage and those for service accounts. Secondly, most organizations do not engage in a continuous monitoring of key based authentication and lack a clear understanding from what source IP addresses SSH user keys may and should authenticate. Based on this alone it is difficult for organizations to ascertain whether a trust is rogue, and are usually chasing the…
https://ssh.com/blog/ssh-key-rotation
Tue, 09 Jun 2015 13:30:00 +0300

You Control The Lock. The House Key Less So.

We’ve all been there: standing outside your home, you put your hand in your pocket, only to discover your house key is gone. Panic sets in. Where is it? Did I leave it at work? Did it fall out? Did someone steal it? What am I going to do? You can turn fatalistic, cry your bad luck and wait for the problem to take care of itself. You can determine another way to open the door. Call your wife, disrupt her work, make her drive home and let you in. Or maybe your neighbor or landlord has a copy. Call the locksmith – except you bought that special lock – no go there. Break down the door. Crash the window. Regardless of which choice you make, the big…
https://ssh.com/blog/change-the-lock
Tue, 02 Jun 2015 21:30:00 +0300

Day 1 of Infosecurity Europe conference is underway

Wow what a day it has been for our crew at Infosecurity Europe 2015! Our booth was ready to welcome visitors first thing in the morning, and throughout the day there was a steady stream of people wanting to learn more about Privileged Access Management approach from the creators of SSH protocol. Key demos we have on tap are SSH Universal Key manager and CryptoAuditor. Here’s James demoing how CryptoAuditor can help businesses get the transparency they need for building their businesses further, without harming productivity in the process. In the afternoon, Kalle was showcasing the SSH approach of regaining control of…
https://ssh.com/blog/ssh-infosecurity-europe
Tue, 02 Jun 2015 14:30:00 +0300

North South East West People & Machines - Privileged Access Management for the Cloud Does Not Have to Be Painful

When considering privileged access management challenges organizations face today, you can simply spin around in circles considering all the angles that need to be considered from a privileged user and M2M perspective. There is no doubt, a great infrastructural transformation is ongoing seeing more and more critical business application functions being moved to private, public and hybrid clouds. With this in mind, the consideration of how we monitor, control and audit our encrypted traffic and privileged access to and from the cloud, and between and within clouds is becoming a security necessity forcing us to rethink how we…
https://ssh.com/blog/cloud-pam
Wed, 11 Mar 2015 06:00:00 +0200

2015 - The Guardians of the Mainframe Legacy

Another year has come and gone. For me, this is my 32nd anniversary in the IT field and the 21st in Security. Time has certainly flown by since punch cards, reel-to-reel tape, and thermal paper operator consoles. Physical security of locked Data Centers, IT cabinets, and closets and wired terminals are long in the past. No one envisioned the Internet of Everything and the Cloud. ..............or hacker terrorists from around the world. There will be a time in the hopefully distant future that I will no longer be in this business. Most of my peers and colleagues from the 80's and 90's are retiring or heading off to something else. Which leads to the…
https://ssh.com/blog/mainframe-new-year
Mon, 05 Jan 2015 13:00:00 +0200

Cooler Heads Will Prevail

When thinking of IT security trends, I don’t think I would be on the wrong track if I would dub the year 2014 as “The Year of Open Source Vulnerability”. In the same vein, past couple of years could be called “The Year of Snowden” and “The Year of Multiple Web Site Breaches which Resulted in Millions of Stolen Credit Card Numbers”, in no particular order. Topics that have previously been covered only in IT-specific media, have gradually crept into traditional media too. And this year has been the first time when vulnerabilities in open source components or widely used protocols are receiving heavy coverage even in traditional newspapers. …
https://ssh.com/blog/cooler-heads-will-prevail
Mon, 08 Dec 2014 10:00:00 +0200

Do You Fulfill Hong Kong Monetary Authority’s General Principles for Technology Risk Management?

The commencement of Shanghai-Hong Kong Stock Connect represents not only increasing cross-border trading, but also continuously growing data exchange between financial institutions such as stock exchange authorities, banks, and brokerage firms. The machine-to-machine (M2M) transactions that power the automation of critical business operations and data transfers are typically protected with some form of data-in-transit encryption. The Secure Shell protocol is a commonly used encryption method in M2M processes within financial sectors – and has been for nearly two decades. The protocol is an IETF standard, has been…
https://ssh.com/blog/hkma
Thu, 27 Nov 2014 08:00:00 +0200

A Video Is Worth a Million Words

It is a well-known fact that system administrators with root-level privileges have wider access to company’s critical information assets than the C-level executives. With great power comes great responsibility, and most people will also act responsibly. But as an information security officer, would you trust this power and responsibility to someone you cannot identify or whose actions you cannot verify afterwards? Your answer is most likely no! Thus, I must ask you, are you sharing privileged account (e.g. root) passwords or SSH keys with multiple persons? If you are, and something unexpected happens, which requires you to investigate the…
https://ssh.com/blog/millionwords
Tue, 11 Nov 2014 13:30:00 +0200

[Infographic] 4 Steps to Secure Shell Key Management Bliss

Secure Shell is an essential component in the day-to-day functions for many IT professionals. In fact, a recent Forrester study found 82% of organizations use Secure Shell and 68% consider Secure Shell important or critical to their business. While most enterprises use Secure Shell to run and maintain essential business processes, few have ever examined their deployment process of Secure Shell. Secure Shell keys are often created without any oversight or management, and the elevated privileges that accompany Secure Shell keys means there is a higher risk for data breaches and compliance violations. Why Does Secure Shell…
https://ssh.com/blog/4steps
Mon, 27 Oct 2014 08:00:00 +0200

Interview with SSH's new CEO, Harri Koponen

Harri Koponen, 51, eMBA, Dr. Econ. (h.c.), joined SSH at the beginning of October as our new CEO. I took a few minutes of his time to hear where he comes from, what his views are on the current IT security market, and what his focus will be in the near future.
https://ssh.com/blog/ceoharri
Tue, 14 Oct 2014 19:00:00 +0300

Potential Pitfalls of MAS TRM Guidelines

Monetary Authority of Singapore (MAS) revised its Technology Risk Management Guidelines (TRM) in June 2013. Financial Institutions (FI) operating in Singapore have since been reviewing the guidelines against their own security procedures and infrastructures, to determine necessary enhancements to match the new requirements. While the guidelines are not legally binding, MAS uses them when performing risk assessments of the FI. The guidelines themselves are a holistic and quite sensible set of high-level guidance on the processes, controls, and responsibilities necessary for implementing system security, and for protecting…
https://ssh.com/blog/mastrm
Tue, 07 Oct 2014 10:00:00 +0300

Heartbleed and Shellshock – Different Vulnerabilities, Same Lesson

Just last month we hosted a webinar called “Heartbleed – You Stopped the Bleeding but Did You Fix the Problem?”. Heartbleed allows an attacker to retrieve the contents of memory from vulnerable servers. As a result, any private credentials that might have been resident in memory can no longer be considered private. That is why many enterprises and public facing web services advised their users to change their passwords. What did not get much attention were other forms of credentials such as private SSH keys. One stolen private key gives an attacker access to the systems that specific private key is authorized on. For example, a…
https://ssh.com/blog/shockbleed
Wed, 01 Oct 2014 14:00:00 +0300

Elliptic Curves and More: Universal SSH Key Manager Version 1.3.3

The latest version of Universal SSH Key Manager brings an important update: support for elliptic curve cryptography (ECC) keys. If you’re not familiar with ECC, suffice it to say that it’s an approach to public-key cryptography based on elliptic curves which is said to provide the same level of security as traditional RSA or DSA but with smaller key sizes while also using faster and lighter algorithms. Why is support for ECC important? Because ECC algorithms have been gaining popularity and have become embedded into modern SSH implementations. It can no longer be ignored. If you have an SSH key management solution which only…
https://ssh.com/blog/sshellipticcurves
Sun, 07 Sep 2014 14:00:00 +0300